
Thread: I have a theory on the 2WIRE routers....

  1. #1
    Just burned his ISO, Join Date: Nov 2009, Posts: 2

    OK, so I've been lurking for a while and now I happen to be getting pretty good with aircrack/cowpatty etc. I can crack WEP and the usual WPAs simply now.

    So we all know about the AT&T 2WIRE routers... I was wondering how to crack those WPA keys. I started to run wordlists (on my own U-verse 2WIRE with the default key). All failed. Then I found out that most 2WIREs have 10-digit hex keys (my AT&T U-verse 2WIRE has a sticker on the bottom).

    I then compiled this script to create my wordlist:
    Code:
    //made by karabaja4
    
    #include <stdio.h>
    #include <stdlib.h>
    
    int main(int argc, char** argv)
    {
        char format[16];               /* holds e.g. "%010llx\n" */
        unsigned long long last = 0;
        unsigned long long i;
        int n;
    
        /* n = number of hex digits; must be 1..16 (16 digits = full 64-bit range) */
        n = (argc == 2) ? atoi(argv[1]) : 0;
        if (n < 1 || n > 16) {
            printf("\n hex wordlist generator - by karabaja4\n\n");
            printf(" usage: ./hwg n > wordlist.txt\n");
            printf(" n - number of digits (max 16)\n\n");
            exit(0);
        }
    
        /* zero-padded, n-wide lower-case hex, one value per line */
        snprintf(format, sizeof format, "%%0%dllx\n", n);   //linux (gcc)
        //snprintf(format, sizeof format, "%%0%dI64x\n", n); //windows (mingw)
    
        /* last = 16^n - 1, built one digit at a time so n = 16 does not overflow */
        for (i = 0; i < (unsigned long long)n; i++)
            last = ((last + 1) * 16) - 1;
    
        /* print 0 .. last-1, then last on its own so i++ cannot wrap at 2^64-1 */
        for (i = 0; i < last; i++) printf(format, i);
        printf(format, last);
    
        return 0; //hooray!
    }
    Code:
    gcc hwg.c -o hwg
    Code:
    ./hwg n > wordlist.txt
    Script credit: user karabaja4.

    Now I will run genpmk against this and the SSID, then the hashes against the captured 4-way handshake.


    So in theory, eventually this will crack the 2WIREs with the default 10-digit hex key.


    I'm going to try running it against my handshake this weekend when I have more time.

  2. #2
    kidFromBigD (Senior Member), Join Date: Jan 2010, Location: Texas, Posts: 159

    Don't waste your time with HEX digits.

    Start here:
    Code:
    0000000000
    ...and end up here:
    Code:
    9999999999
    in your search for the WPA default keys.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  3. #3
    Junior Member, Join Date: Jan 2010, Posts: 66

    Don't they use the MAC address or serial number by default? That makes the key space a lot smaller.

  4. #4
    Just burned his ISO, Join Date: Nov 2009, Posts: 2

    Quote (originally posted by kidFromBigD):
    Don't waste your time with HEX digits.

    Start here:
    Code:
    0000000000
    ...and end up here:
    Code:
    9999999999
    in your search for the WPA default keys.
    How would I do that?

    Quote (originally posted by beakmyn):
    Don't they use the MAC address or serial number by default? That makes the key space a lot smaller.
    Serial #. I forget how they do it, but I know the serial is somehow integrated into the default key, which, I know for sure, by default on the AT&T 2WIREs is 10 digits.

  5. #5
    Archangel-Amael (Super Moderator), Join Date: Jan 2010, Location: Somewhere, Posts: 8,012

    Let's work that edit button there, OP.
    It's one of the rules you want to uphold.
    To be successful here you should read all of the following:
    Forum Rules
    Forum FAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    kidFromBigD (Senior Member), Join Date: Jan 2010, Location: Texas, Posts: 159

    Quote (originally posted by whorobj):
    how would i do that?
    Plenty of stuff out there about using crunch to generate a bunch of passwords, and then piping the output to pyrit, cowpatty, aircrack-ng or whatever.
    You. Are. Doing. It. Wrong.
    -Gitsnik

  7. #7
    daffyduc (Junior Member), Join Date: Nov 2009, Posts: 27

    I did my stint at BellSouth back when the original 2WIRE modems came out... the serial is in fact the WEP key by default, or at least it used to be... if tech support changed it, it would be the user's phone number...

    Actually, I do not remember if the serials were numbers only... I was thinking they were not... but it has been a while.

  8. #8
    Just burned his ISO, Join Date: Dec 2009, Posts: 1

    Yes, the default 2WIRE keys are only 10-digit numbers...

    Once we have the .txt file, how do we go about brute-forcing a router?

    Thanks.
